Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1WdFXv1Jg5APhjnipHcc4mLeqvg.roa
File:                     1WdFXv1Jg5APhjnipHcc4mLeqvg.roa (raw, json)
Hash identifier:          IZKCSGM3fACKg/PrPaA+UZQwdKhIoEOq7r5L+j4pjTg=
Subject key identifier:   D5:67:45:5E:FD:49:83:90:0F:86:39:E2:A4:77:1C:E2:62:DE:AA:F8
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       019CE1060045B497AEED83790C5F784EF815
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1WdFXv1Jg5APhjnipHcc4mLeqvg.roa
Signing time:             Thu 12 Mar 2026 07:49:52 +0000
ROA not before:           Thu 12 Mar 2026 07:49:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        91.234.22.0/24 maxlen: 24
                          194.59.6.0/24 maxlen: 24
                          194.59.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:06:00:45:b4:97:ae:ed:83:79:0c:5f:78:4e:f8:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Mar 12 07:49:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d567455efd4983900f8639e2a4771ce262deaaf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0c:e6:e8:a9:98:b8:1d:4b:e2:e7:0e:db:50:
                    a4:6f:30:1e:71:50:76:64:b3:a7:d7:2f:f7:7b:ea:
                    72:2a:63:2b:6d:b6:0a:0a:32:f3:26:52:88:78:2e:
                    b3:fe:85:6d:16:fa:09:1b:17:00:db:4a:20:5b:d3:
                    e8:db:29:20:56:9c:c9:86:13:af:51:4e:e7:c5:07:
                    e2:9b:ea:be:db:f2:6a:68:05:dc:21:fe:9c:8a:88:
                    a3:6e:07:8e:1f:6b:24:6f:ef:20:4e:fd:d7:b9:8e:
                    90:63:8a:99:8f:64:52:98:84:82:4a:2a:a7:18:35:
                    46:9d:a6:be:cb:7b:95:ab:95:b8:00:b6:4f:23:93:
                    8d:39:42:50:56:22:d6:b3:66:79:e8:b3:d0:78:03:
                    27:ff:04:9a:ea:6e:65:d4:9b:b9:12:44:92:d2:9d:
                    53:dd:3f:92:25:1d:da:a6:ee:50:de:4c:e4:11:07:
                    26:f5:a6:c4:e8:1b:21:d1:1e:e3:98:c0:8b:5d:39:
                    d4:5a:41:16:62:de:76:bf:f9:a1:8a:9e:ce:47:d6:
                    e5:84:64:cf:3d:4a:d2:f0:33:f6:6c:ef:39:7c:9b:
                    39:e4:77:eb:f0:d8:f1:bd:1e:cc:43:ef:71:8c:4f:
                    39:46:a5:36:ee:76:c3:19:dd:f9:f7:56:67:f7:53:
                    dc:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:67:45:5E:FD:49:83:90:0F:86:39:E2:A4:77:1C:E2:62:DE:AA:F8
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1WdFXv1Jg5APhjnipHcc4mLeqvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.22.0/24
                  194.59.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:0c:95:a3:69:a1:9a:4c:c2:e7:f8:77:44:23:b2:35:73:a4:
         7e:50:4c:f1:cd:fd:c1:df:05:13:2a:a6:cd:23:fd:fe:10:15:
         e4:e8:45:ec:36:ea:0c:32:43:84:61:c6:63:68:82:72:dd:65:
         f3:79:c6:55:ac:3f:13:e7:7d:e9:a3:c9:36:1a:17:b3:97:15:
         cd:d3:78:e3:3e:a1:9c:59:ea:6a:e3:78:0c:b2:f5:d3:57:5e:
         15:80:6d:7f:07:d7:de:e0:fa:ce:fd:3b:f6:84:6f:58:a5:a6:
         0b:49:e9:c0:7f:23:ff:e8:23:12:56:25:ee:5a:4b:f2:19:e9:
         6f:50:00:22:9b:c4:9d:37:d3:6a:8c:7c:13:e0:4d:36:b0:fb:
         ee:91:66:63:25:25:7b:09:1f:1c:f8:58:92:d9:e0:9c:47:a2:
         7c:52:66:e9:6c:19:31:80:66:43:a9:c6:b9:b5:20:76:da:7a:
         fa:94:6b:7a:5a:f0:ce:6a:24:a5:8e:30:93:40:61:01:cb:7d:
         52:82:5c:ee:1d:e6:8d:aa:8a:53:e2:85:12:00:b7:fd:56:43:
         b2:72:90:bc:cd:41:ff:93:af:66:ab:f7:95:43:7f:94:6b:1e:
         ab:5b:23:83:2b:bb:80:dc:37:18:b7:c5:b7:eb:45:e8:58:1e:
         c7:5c:90:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzhBgBFtJeu7YN5DF94TvgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjYwMzEyMDc0OTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTY3NDU1ZWZkNDk4MzkwMGY4NjM5ZTJhNDc3MWNlMjYyZGVhYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAzm6KmYuB1L4ucO21CkbzAecVB2
ZLOn1y/3e+pyKmMrbbYKCjLzJlKIeC6z/oVtFvoJGxcA20ogW9Po2ykgVpzJhhOv
UU7nxQfim+q+2/JqaAXcIf6cioijbgeOH2skb+8gTv3XuY6QY4qZj2RSmISCSiqn
GDVGnaa+y3uVq5W4ALZPI5ONOUJQViLWs2Z56LPQeAMn/wSa6m5l1Ju5EkSS0p1T
3T+SJR3apu5Q3kzkEQcm9abE6Bsh0R7jmMCLXTnUWkEWYt52v/mhip7OR9blhGTP
PUrS8DP2bO85fJs55Hfr8NjxvR7MQ+9xjE85RqU27nbDGd3591Zn91Pc6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNVnRV79SYOQD4Y54qR3HOJi3qr4MB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvMVdkRlh2MUpnNUFQaGpuaXBIY2M0bUxlcXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+oWAwQB
wjsGMA0GCSqGSIb3DQEBCwUAA4IBAQBjDJWjaaGaTMLn+HdEI7I1c6R+UEzxzf3B
3wUTKqbNI/3+EBXk6EXsNuoMMkOEYcZjaIJy3WXzecZVrD8T533po8k2GhezlxXN
03jjPqGcWepq43gMsvXTV14VgG1/B9fe4PrO/Tv2hG9YpaYLSenAfyP/6CMSViXu
WkvyGelvUAAim8SdN9NqjHwT4E02sPvukWZjJSV7CR8c+FiS2eCcR6J8UmbpbBkx
gGZDqca5tSB22nr6lGt6WvDOaiSljjCTQGEBy31SglzuHeaNqopT4oUSALf9VkOy
cpC8zUH/k69mq/eVQ3+Uax6rWyODK7uA3DcYt8W360XoWB7HXJBR
-----END CERTIFICATE-----